xhs-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly navigates to and interacts with the public Xiaohongshu creator site (PUBLISH_URL = "https://creator.xiaohongshu.com/publish/publish") and reads/executes against the page DOM (e.g., document.body.innerText checks, selector-driven clicks and button-text matching in publish_to_xhs and page.evaluate), so it ingests untrusted third-party web content that can influence its action flow.